1 Technical correspondence: Analysis and detection of computer viruses and worms:
an annotated bibliography

Prabhat K. Singh, Arun Lakhotia

February 2002 ACM SIGPLAN Notices, Volume 37 issue 2 
Publisher: ACM Press 

Full text available: pdf(667.42 KB) Additional Information: full citation, abstract

This annotated bibliography reviews research in analyzing and detecting computer viruses 
and worms. This document focuses on papers that give information about techniques and 
systems detecting malicious code. 

2 Intrusion detection and response: Predators: good will mobile codes combat against 
computer viruses 
Hiroshi Toyoizumi, Atsuhi Kara 

September 2002 Proceedings of the 2002 workshop on New security paradigms 
Publisher: ACM Press 



Full text available: pdf(526.24 KB) Additional Information: full citation, abstract, references, citings, index terms



We present a mathematical analysis of a new approach to fight against computer viruses 
through the use of their predators. Predators are good will mobile codes which, like 
viruses, travel over computer networks, and replicate and multiply themselves. The only
difference is that predators are specifically designed to eliminate the viruses. We model 
the interaction between predators and viruses by the Lotka-Volterra equations, which are 
widely used in mathematical biology. Using this model, we deri ... 

Keywords: Lotka-Volterra equation, computer virus, mathematical biology, worms 



3 A taxonomy of computer program security flaws
Carl E. Landwehr, Alan R. Bull, John P. McDermott, William S. Choi 
September 1994 ACM Computing Surveys (CSUR), Volume 26 issue 3 
Publisher: ACM Press 

Full text available: pdf(3.81 MB) Additional Information: full citation, abstract, references, citings, index terms, review



An organized record of actual flaws can be useful to computer system designers, 
programmers, analysts, administrators, and users. This survey provides a taxonomy for 
computer program security flaws, with an Appendix that documents 50 actual security
flaws. These flaws have all been described previously in the open literature, but in widely 
separated places. For those new to the field of computer security, they provide a good 
introduction to the characteristics of security flaws and how they ... 

Keywords: error/defect classification, security flaw, taxonomy 



4 Session 1: ACT: attachment chain tracing scheme for email virus detection and
control
Jintao Xiong

October 2004 Proceedings of the 2004 ACM workshop on Rapid malcode 
Publisher: ACM Press 

Full text available: pdf(283.77 KB) Additional Information: full citation, abstract, references, index terms

Modern society is highly dependent on the smooth and safe flow of information over 
communication and computer networks. Computer viruses and worms pose serious 
threats to the society by disrupting the normal information flow and collecting or 
destroying information without authorization. Compared to the effectiveness and ease of 
spreading worms and viruses, currently adopted defense schemes are slow to react and 
costly to implement. 

This paper proposes an automated email virus detecti ... 
Keywords: contact tracing, transmission chain, worm defense 



5 Risks to the public in computers and related systems 
Peter G. Neumann 

April 1993 ACM SIGSOFT Software Engineering Notes, volume 18 issue 2 
Publisher: ACM Press 

Full text available: pdf(1.60 MB) Additional Information: full citation, citings, index terms



6 Security as a new dimension in embedded system design: Security as a new
dimension in embedded system design

Srivaths Ravi, Paul Kocher, Ruby Lee, Gary McGraw, Anand Raghunathan 
June 2004 Proceedings of the 41st annual conference on Design automation 
Publisher: ACM Press 

Full text available: pdf(209.10 KB) Additional Information: full citation, abstract, references, citings, index terms

The growing number of instances of breaches in information security in the last few years 
has created a compelling case for efforts towards secure electronic systems. Embedded 
systems, which will be ubiquitously used to capture, store, manipulate, and access data of 
a sensitive nature, pose several unique and interesting security challenges. Security has 
been the subject of intensive research in the areas of cryptography, computing, and 
networking. However, despite these efforts, security is ... 

Keywords: PDAs, architectures, battery life, cryptography, design, design 
methodologies, digital rights management, embedded systems, performance, security, 
security processing, security protocols, sensors, software attacks, tamper resistance, 
trusted computing, viruses 




http://portal.acm.org/results.cfm?coll=ACM&dl=ACM&CFID=9404232&CFTO^ 12/20/06 



Results (page 1): virus, detection, time, installation 






7 Robust service: Rewind, repair, replay: three R's to dependability
Aaron B. Brown, David A. Patterson 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS European workshop: 
beyond the PC EW10 

Publisher: ACM Press 

Full text available: pdf(146.14 KB) Additional Information: full citation, abstract, references

Motivated by the growth of web and infrastructure services and their susceptibility to 
human operator-related failures, we introduce system-level undo as a recovery 
mechanism designed to improve service dependability. Undo enables system operators to 
recover from their inevitable mistakes and furthermore enables retroactive repair of 
problems that were not fixed quickly enough to prevent detrimental effects. We present 
the "three R's", a model of undo that matches the needs of huma ... 

8 Defensive techniques: Proactive security for mobile messaging networks
Abhijit Bose, Kang G. Shin 

September 2006 Proceedings of the 5th ACM workshop on Wireless security WiSe '06 
Publisher: ACM Press 

Full text available: pdf(281.53 KB) Additional Information: full citation, abstract, references, index terms

The interoperability of IM (Instant Messaging) and SMS (Short Messaging Service) 
networks allows users to seamlessly use a variety of computing devices from desktops to 
cellular phones and mobile handhelds. However, this increasing convergence has also 
attracted the attention of malicious software writers. In the past few years, the number of 
malicious codes that target messaging networks, primarily IM and SMS, has been 
increasing exponentially. Large message volume and number of users in these ... 

Keywords: Instant Messaging (IM), SMS/MMS, containment, mobile viruses, proactive 
security, worms 



9 Detecting intruders on a campus network: might the threat be coming from within?
Rich Henders, Bill Opdyke 

November 2005 Proceedings of the 33rd annual ACM SIGUCCS conference on User
services SIGUCCS '05
Publisher: ACM Press 

Full text available: pdf(188.88 KB) Additional Information: full citation, abstract, references, index terms

Campus networks, and the Information Technology organizations that support these 
networks, are facing security threats that are increasing in both size and complexity. 
Students, faculty and (non-academic) staff collectively provide a broad set of expectations 
and challenges to securely support. Intrusive actions and security challenges may 
originate outside or within a network. Security and trust can be difficult to maintain in 
such an environment. Intrusion detection is an important part of a c ... 

Keywords: intrusion detection, snort 



10 Building an e-mail virus detection system for your network 
Dave Jones 

December 2001 Linux Journal, volume 2001 issue 92 
Publisher: Specialized Systems Consultants, Inc. 

Full text available: html(22.15 KB) Additional Information: full citation, abstract, index terms
Jones gives a great example of a homegrown virus protection system. 

11 Behavior-based modeling and its application to Email analysis
Salvatore J. Stolfo, Shlomo Hershkop, Chia-Wei Hu, Wei-Jen Li, Olivier Nimeskern, Ke Wang 
May 2006 ACM Transactions on Internet Technology (TOIT), volume 6 issue 2 

Publisher: ACM Press 

Full text available: pdf(1.25 MB) Additional Information: full citation, abstract, references, index terms

The Email Mining Toolkit (EMT) is a data mining system that computes behavior profiles 
or models of user email accounts. These models may be used for a multitude of tasks 
including forensic analyses and detection tasks of value to law enforcement and 
intelligence agencies, as well as for other typical tasks such as virus and spam detection.
To demonstrate the power of the methods, we focus on the application of these models to 
detect the early onset of a viral propagation without "c ... 

Keywords: Email virus propagations, anomaly detection, behavior profiling 

12 Development and delivery of a computer security strategy for a community of end
users

Allan R. Jones 

December 1992 Proceedings of the 20th annual ACM SIGUCCS conference on User
services
Publisher: ACM Press 

Full text available: pdf(456.80 KB) Additional Information: full citation, index terms



13 Workshop on architectural support for security and anti-virus (WASSA): Using 
instruction block signatures to counter code injection attacks 
Milena Milenkovic, Aleksandar Milenkovic, Emil Jovanov 

March 2005 ACM SIGARCH Computer Architecture News, volume 33 issue 1
Publisher: ACM Press 

Full text available: pdf(283.67 KB) Additional Information: full citation, abstract, references, index terms

With more computing platforms connected to the Internet each day, computer system 
security has become a critical issue. One of the major security problems is execution of 
malicious injected code. In this paper we propose new processor extensions that allow 
execution of trusted instructions only. The proposed extensions verify instruction block 
signatures in run-time. Signatures are generated during a trusted installation process, 
using a multiple input signature register (MISR), and stored in an ... 

14 The costly implications of consulting in a virus-infected computer environment 
K. Nunez, T. Gerace, A. Hartman

October 1989 Proceedings of the 17th annual ACM SIGUCCS conference on User
Services
Publisher: ACM Press 

Full text available: pdf(468.70 KB) Additional Information: full citation, index terms



15 WBIA'05: ASM: application security monitor
Micha Moffie, David Kaeli 

December 2005 ACM SIGARCH Computer Architecture News, volume 33 issue 5 
Publisher: ACM Press 

Full text available: pdf(246.65 KB) Additional Information: full citation, abstract, references, index terms
Our Application Security Monitor (ASM) is a run-time monitor that dynamically collects 
execution-related data. ASM is part of a security framework that will allow us to explore
different security policies aimed at identifying malicious behavior such as Trojan horses
and backdoors. In this paper, we show what type of data ASM can collect and illustrate
how this data can be used to enforce a security policy. Using ASM we are able to explore 
different tradeoffs between security and ... 

16 Intrusion detection and response: MET: an experimental system for Malicious Email
Tracking

Manasi Bhattacharyya, Shlomo Hershkop, Eleazar Eskin

September 2002 Proceedings of the 2002 workshop on New security paradigms 
Publisher: ACM Press 

Full text available: pdf(790.18 KB) Additional Information: full citation, abstract, references, citings, index terms

Despite the use of state of the art methods to protect against malicious programs, they 
continue to threaten and damage computer systems around the world. In this paper we 
present MET, the Malicious Email Tracking system, designed to automatically report 
statistics on the flow behavior of malicious software delivered via email attachments both 
at a local and global level. MET can help reduce the spread of malicious software 
worldwide, especially self-replicating viruses, as well as provide furth ... 

Keywords: anti-virus, email attachment, email tracking, virus detection 



17 Security considerations for remote electronic voting 
Aviel D. Rubin 

December 2002 Communications of the ACM, Volume 45 issue 12 
Publisher: ACM Press 
Full text available: pdf(209.26 KB), html(31.18 KB) Additional Information: full citation, abstract, references, index terms

Introducing state-of-the-art technology into the election process implies new risks that
may not be worth taking. 

18 Conscientious software 

Richard P. Gabriel, Ron Goldman 

October 2006 ACM SIGPLAN Notices, Proceedings of the 21st annual ACM SIGPLAN
conference on Object-oriented programming languages, systems, and 
applications OOPSLA '06, Volume 41 Issue 10 
Publisher: ACM Press 

Full text available: pdf(1.52 MB) Additional Information: full citation, abstract, references, index terms

Software needs to grow up and become responsible for itself and its own future by 
participating in its own installation and customization, maintaining its own health, and 
adapting itself to new circumstances, new users, and new uses. To create such software 
will require us to change some of our underlying assumptions about how we write 
programs. A promising approach seems to be to separate software that does the work 
(allopoietic) from software that keeps the system alive (autopoietic).

Keywords: autopoiesis, continuous (re)design, emergence, feedback, repair, robustness, 
self-sustaining systems, self-testing, software, software complexity, stigmergy 



19 Session 2: On the effectiveness of automatic patching 
Milan Vojnović, Ayalvadi Ganesh

November 2005 Proceedings of the 2005 ACM workshop on Rapid malcode WORM '05 
Publisher: ACM Press

Full text available: pdf(702.79 KB) Additional Information: full citation, abstract, references, index terms

We study the effectiveness of automatic patching and quantify the speed of patch 
dissemination required for worm containment. We focus on random scanning as this is 
representative of current generation worms, though smarter strategies exist. We find that 
even such "dumb" worms require very fast patching. Our primary focus is on how delays 
due to worm detection and patch generation and dissemination affect worm spread. 
Motivated by scalability and trust issues, we consider a hierarchical system ... 

Keywords: automatic updates, epidemic, minimum broadcast curve, patching, software 
updates, virus, worm 
and DIY monitoring

Masato Masuya, Takash Yamanoue, Shinichiro Kubota

November 2006 Proceedings of the 34th annual ACM SIGUCCS conference on User
services SIGUCCS '06
Publisher: ACM Press 

Full text available: pdf(282.98 KB) Additional Information: full citation, abstract, references, index terms

Monitoring network security of a university is one of the most important jobs for the 
network managers. Without the monitoring, it is hard to keep the network safe. It is 
common that the security policy of a university has the term which states that monitoring 
network security is a mandate. However it is very hard to monitor every part of a 
university's network by the limited number of staff and a limited amount of time and 
expense. In order to cope with these problems, we bought a commercial ne ... 

Keywords: IDS, audit, fire wall, monitor, network, policy, security 
Publisher: IEEE Press

Full text available: pdf(594.79 KB) Additional Information: full citation, abstract, references, index terms

After many Internet-scale worm incidents in recent years, it is clear that a simple self- 
propagating worm can quickly spread across the Internet and cause severe damage to 
our society. Facing this great security threat, we need to build an early detection system 
that can detect the presence of a worm in the Internet as quickly as possible in order to 
give people accurate early warning information and possible reaction time for 
counteractions. This paper first presents an Internet worm monitoring ... 

Keywords: computer network security, early detection, internet worm, network 
monitoring 
Worms, viruses, and other malware can be ticking bombs counting down to a specific
time, when they might, for example, delete files or download new instructions from a 
public web server. We propose a novel virtual-machine-based analysis technique to 
automatically discover the timetable of a piece of malware, or when events will be 
triggered, so that other types of analysis can discern what those events are. This 
information can be invaluable for responding to rapid malware, and automating ... 
Publisher: ACM Press

Full text available: pdf(2.45 MB) Additional Information: full citation, abstract, citings, index terms

On the evening of 2 November 1988, someone infected the Internet with a worm 
program. That program exploited flaws in utility programs in systems based on BSD- 
derived versions of UNIX. The flaws allowed the program to break into those machines 
and copy itself, thus infecting those systems. This program eventually spread to 
thousands of machines, and disrupted normal activities and Internet connectivity for 
many days. This report gives a detailed description of the components of the ...
Tim Fitzgerald

June 1995 ACM SIGUCCS Newsletter, Volume 25 issue 1-2
Publisher: ACM Press

Full text available: pdf(427.33 KB) Additional Information: full citation, abstract, index terms

Even in today's world of safeguarded networks and advanced detection software, 
computer viruses are still running amok in some of the seedier niches of cyberspace and 
hiding out on unclean disks and unprotected hard drives. Speculative rumors of wide- 
spread epidemics have only added to the confusion as computer users all over the world 
wonder if their systems are at risk and if there is any way to shield themselves from these 
stealth operatives of electronic malfeasance. 
Edited by Peter G. Neumann (Risks Forum Moderator and Chairman of the ACM
Committee on Computers and Public Policy), plus personal contributions by others, as 
indicated. Opinions expressed are individual rather than organizational, and all of the 
usual disclaimers apply. We address problems relating to software, hardware, people, and 
other circumstances relating to computer systems. To economize on space, we include 
pointers to items in the online Risks Forum: (R i j) denotes RISKS vol i number ... 
Scalable management and self-organizational capabilities are emerging as central
requirements for a generation of large-scale, highly dynamic, distributed applications. We 
have developed an entirely new distributed information management system called 
Astrolabe. Astrolabe collects large-scale system state, permitting rapid updates and 
providing on-the-fly attribute aggregation. This latter capability permits an application to 
locate a resource, and also offers a scalable way to track sys ... 

Keywords: Aggregation, epidemic protocols, failure detection, gossip, membership, 
publish-subscribe, scalability 
Full text available: pdf(910.68 KB) Additional Information: full citation, abstract, references, index terms

How does the Web look? How could we tell an abnormal social network from a normal 
one? These and similar questions are important in many fields where the data can 
intuitively be cast as a graph; examples range from computer networks to sociology to 
biology and many more. Indeed, any M : N relation in database terminology can be 
represented as a graph. A lot of these questions boil down to the following: "How can we 
generate synthetic but realistic graphs?" To answer thi ... 
Monitoring any portion of the Internet address space reveals incessant activity. This holds
even when monitoring traffic sent to unused addresses, which we term "background
radiation." Background radiation reflects fundamentally nonproductive traffic, either
malicious (flooding backscatter, scans for vulnerabilities, worms) or benign 
(misconfigurations). While the general presence of background radiation is well known to 
the network operator community, its nature has yet to be broadly charac ... 
As more business activities are being automated and an increasing number of computers
are being used to store sensitive information, the need for secure computer systems 
becomes more apparent. This need is even more apparent as systems and applications 
are being distributed and accessed via an insecure network, such as the Internet. The 
Internet itself has become critical for governments, companies, financial institutions, and 
millions of everyday users. Networks of computers support a multitude ... 